Differenze tra le versioni di "Application Settings"

Da itm wiki.
(Etichetta: visualeditor)
 
(26 versioni intermedie di 2 utenti non mostrate)
Riga 1: Riga 1:
These are some basic settings for the whole itmSUITE® environment which can be made by the ''[[Glossary|superadmin]]'' only. These settings are available from '''''General/System/Application Settings''''' and they include: password policies management and mail server management.
+
These are some basic settings for the whole itmSUITE® environment which can be made by the ''[[Glossary|superadmin]]'' only. These settings are available from '''''General/System/Application Settings''''' and they include: password policies management and mail server (this mail server is only used to send password or username recovery message, it is not used at ''[[Glossary|company]]'' level).
  
 
== Password policies manangement ==
 
== Password policies manangement ==
Riga 15: Riga 15:
 
|<u>Password Expiration Warn Days</u> || The number of days the user is warned before the password expires.
 
|<u>Password Expiration Warn Days</u> || The number of days the user is warned before the password expires.
 
|| Mandatory
 
|| Mandatory
||   
+
||  The value "0" is entered by default, meaning the warning message will be never sent.
  
 
|-
 
|-
Riga 29: Riga 29:
 
|-
 
|-
 
|<u>Min Password Length</u> || The minimum number of characters of the password.
 
|<u>Min Password Length</u> || The minimum number of characters of the password.
|| Mandatory
+
|| Dependent, Mandatory
 +
|| This field is visible only if <u>Password Format</u> is enabled.
 +
 
 +
|-
 +
|<u>Min Uppercas Characters</u> || The minimum number of uppercase characters which the password should contain.
 +
|| Dependent, Mandatory
 
|| This field is visible only if <u>Password Format</u> is enabled.
 
|| This field is visible only if <u>Password Format</u> is enabled.
  
 
|-
 
|-
|<u>Min Uppercase Characters</u> || When set, this forces the ''[[Glossary|user]]'' to change his/her password at first login.
+
|<u>Min Numeric Characters</u> || The minimum number of numeric characters (0....9) which the password should contain.
|| Mandatory
+
|| Dependent, Mandatory
 
|| This field is visible only if <u>Password Format</u> is enabled.
 
|| This field is visible only if <u>Password Format</u> is enabled.
  
 
|-
 
|-
|<u>Min Numeric Characters</u> || When set, this forces the ''[[Glossary|user]]'' to change his/her password at first login.
+
|<u>Min Symbolic Characters</u> || The minimum number of symbols ($, &, %, etc.) which the password should contain.
|| Mandatory
+
|| Dependent, Mandatory
 
|| This field is visible only if <u>Password Format</u> is enabled.
 
|| This field is visible only if <u>Password Format</u> is enabled.
 +
 +
|}
 +
 +
It is possible not to set any policy which means no controls on password is made nor passwords expire.
 +
 +
== Login Options ==
 +
The <u>''Login Options''</u> tab allows to setup autorecovery and login locking features.
 +
 +
=== Autorecovery ===
 +
Autorecovery feature allows the ''[[Glossary|user]]'' to recover his/her username and password. If <u>Account Recovery</u> is set, itmSUITE® will supply the needed links to recover username and/or password if lost. This is done by sending to the ''[[Glossary|user]]'' a mail to his/her mail address with the instructions to recover the information. Therefore, mail server configuration shall be completed to make it working. '''<u>This feature is not available if [[LDAP]] integration is configured</u>'''.
 +
 +
=== Login locking features ===
 +
This is a security feature of itmSUITE®, enabling to lock intrusions which try to crack passwords. The feature will lock the ''[[Glossary|user]]'' account according to predefined access patterns. The following configurations are available:
 +
 +
{| class="wikitable"
 +
! Field !! Description !! Characteristics !! Comments
  
 
|-
 
|-
|<u>Min Symbolic Characters</u> || When set, this forces the ''[[Glossary|user]]'' to change his/her password at first login.
+
|<u>Enable Login lock</u> || If set, it enables locking policies according to the configured rules.
 
|| Mandatory
 
|| Mandatory
|| This field is visible only if <u>Password Format</u> is enabled.
+
||
 +
 +
|-
 +
|<u>Max Login Attempts</u> || Maximum login attempts allowed before locking a ''[[Glossary|user]]''.
 +
|| Dependent, Mandatory
 +
||  This field is visible only if <u>Enable Login Lock</u> is enabled.
 +
 
 +
|-
 +
|<u>Lock Management Policy</u> || It sets the policy used when login is locked. The following policies are available:
 +
* "Lock Period"
 +
* "Manual Reactivation"
 +
"Lock Period" policy uses <u>Freeze Time</u> and <u>Max Login Sessions</u> parameters. It is the time during which a ''[[Glossary|user]]'' can't login if he/she failed to provide the correct credentials for a maximum number of times (set with <u>Max Login Attempts</u>).
 +
 
 +
"Manual Reactivation" policy means that the ''[[Glossary|user]]'' shall be reactivated manually after is account is locked.
 +
|| Dependent, Mandatory
 +
||  This field is visible only if <u>Enable Login Lock</u> is enabled.
 +
 
 +
|-
 +
|<u>Freeze Time</u> || The number of minutes the ''[[Glossary|user]]'' shall wait before the system allows him/her to attempt another login. This time is operational if the <u>Lock Management Policy</u> is set to "Lock Period".
 +
|| Dependent, Mandatory
 +
|| This field is visible only if <u>Enable Login Lock</u> is enabled.
 +
 
 +
|-
 +
|<u>Max Login Sessions</u> || Max number of consecutive locks which are admitted. A lock occurs if the ''[[Glossary|user]]'' fails to provide the correct credentials for a maximum number of times (set with <u>Max Login Attempts</u>). After the ''[[Glossary|user]]'' has exceeded the maximum number of locks, it shall be reactivated manually by the ''[[Glossary|superadmin]]''.
 +
|| Dependent, Mandatory
 +
|| This field is visible only if <u>Enable Login Lock</u> is enabled.
  
 
|}
 
|}
 +
If a locking policy is set, the [[Glossary|users]] can be locked if they fail to give their correct credentials as defined in the policy rules. If so, they can be unlocked by an ''[[Glossary|admin]]'' or ''[[Glossary|superadmin]]''. ''[[Glossary|Admin]]'' may unlock ''[[Glossary|users]]'' associated with his/her administered ''[[Glossary|companies]]''. ''[[Glossary|Superadmin]]'' may unlock ''[[Glossary|admins]]''.
 +
 +
Logging sessions and locking events are monitored by itmSUITE®. Please, refer to [[Users and Resources]] page for more information.
 +
 +
== Mail options ==
 +
The settings of the <u>''Mail Options''</u> tab allow to define the parameters for the mail sending server. The following configurations are available:
 +
 +
{| class="wikitable"
 +
! Field !! Description !! Characteristics !! Comments
 +
 +
|-
 +
|<u>Host</u> || TBC
 +
|| Mandatory
 +
|| 
 +
 +
|-
 +
|<u>Port</u> || TBC
 +
|| Mandatory
 +
|| 
 +
 +
|-
 +
|<u>User</u> || TBC
 +
|| Discretionary
 +
|| 
  
It is possible not to set any policy....
+
|-
 +
|<u>Password</u> || TBC
 +
|| Discretionary
 +
|| 
 +
|-
 +
 
 +
|<u>Mail from</u> || TBC
 +
|| Mandatory
 +
||
 +
 
 +
|-
 +
|<u>Advanced Properties</u> || TBC
 +
|| Discretionary
 +
||
 +
 
 +
|}

Versione attuale delle 12:43, 12 mag 2015

These are some basic settings for the whole itmSUITE® environment which can be made by the superadmin only. These settings are available from General/System/Application Settings and they include: password policies management and mail server (this mail server is only used to send password or username recovery message, it is not used at company level).

Password policies manangement

The Password Options tab of General/System/Application Settings enables to activate management policies for the whole itmSUITE® environment (they will be applied to all the defined companies in the environment). When the Enable Policy field is checked, the following fields become editable:

Field Description Characteristics Comments
Password Expiration Days The number of days the password will remain valid. Mandatory The value "0" is entered by default, meaning the password never expires. The expiration days are newly counted after any password reset.
Password Expiration Warn Days The number of days the user is warned before the password expires. Mandatory The value "0" is entered by default, meaning the warning message will be never sent.
Change at First Login When set, this forces the user to change his/her password at first login. Mandatory
Password Format When set, this fnable to define the rules to validate a passwordorces the user to change his/her password at first login. Mandatory This field is visible only if the Password Options tab is first saved.
Min Password Length The minimum number of characters of the password. Dependent, Mandatory This field is visible only if Password Format is enabled.
Min Uppercas Characters The minimum number of uppercase characters which the password should contain. Dependent, Mandatory This field is visible only if Password Format is enabled.
Min Numeric Characters The minimum number of numeric characters (0....9) which the password should contain. Dependent, Mandatory This field is visible only if Password Format is enabled.
Min Symbolic Characters The minimum number of symbols ($, &, %, etc.) which the password should contain. Dependent, Mandatory This field is visible only if Password Format is enabled.

It is possible not to set any policy which means no controls on password is made nor passwords expire.

Login Options

The Login Options tab allows to setup autorecovery and login locking features.

Autorecovery

Autorecovery feature allows the user to recover his/her username and password. If Account Recovery is set, itmSUITE® will supply the needed links to recover username and/or password if lost. This is done by sending to the user a mail to his/her mail address with the instructions to recover the information. Therefore, mail server configuration shall be completed to make it working. This feature is not available if LDAP integration is configured.

Login locking features

This is a security feature of itmSUITE®, enabling to lock intrusions which try to crack passwords. The feature will lock the user account according to predefined access patterns. The following configurations are available:

Field Description Characteristics Comments
Enable Login lock If set, it enables locking policies according to the configured rules. Mandatory
Max Login Attempts Maximum login attempts allowed before locking a user. Dependent, Mandatory This field is visible only if Enable Login Lock is enabled.
Lock Management Policy It sets the policy used when login is locked. The following policies are available:
  • "Lock Period"
  • "Manual Reactivation"

"Lock Period" policy uses Freeze Time and Max Login Sessions parameters. It is the time during which a user can't login if he/she failed to provide the correct credentials for a maximum number of times (set with Max Login Attempts).

"Manual Reactivation" policy means that the user shall be reactivated manually after is account is locked.

Dependent, Mandatory This field is visible only if Enable Login Lock is enabled.
Freeze Time The number of minutes the user shall wait before the system allows him/her to attempt another login. This time is operational if the Lock Management Policy is set to "Lock Period". Dependent, Mandatory This field is visible only if Enable Login Lock is enabled.
Max Login Sessions Max number of consecutive locks which are admitted. A lock occurs if the user fails to provide the correct credentials for a maximum number of times (set with Max Login Attempts). After the user has exceeded the maximum number of locks, it shall be reactivated manually by the superadmin. Dependent, Mandatory This field is visible only if Enable Login Lock is enabled.

If a locking policy is set, the users can be locked if they fail to give their correct credentials as defined in the policy rules. If so, they can be unlocked by an admin or superadmin. Admin may unlock users associated with his/her administered companies. Superadmin may unlock admins.

Logging sessions and locking events are monitored by itmSUITE®. Please, refer to Users and Resources page for more information.

Mail options

The settings of the Mail Options tab allow to define the parameters for the mail sending server. The following configurations are available:

Field Description Characteristics Comments
Host TBC Mandatory
Port TBC Mandatory
User TBC Discretionary
Password TBC Discretionary
Mail from TBC Mandatory
Advanced Properties TBC Discretionary